Manta Founder Details Attempted Zoom Hack by Lazarus That Used Very Real ‘Legit Faces’

According to Manta Network co-founder Kenny Li, he managed to avoid a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to have him download malware. Li's close call highlights the threat posed by state-affiliated cyber-attackers like North Korea's Lazarus Group.

Li revealed in an April 17 X post that he was targeted by a highly convincing phishing attack on Zoom, where the attacker used live recordings of familiar people to make the meeting seem real. The impersonated person's camera was on, but there was no sound, raising red flags for Li. A suspicious prompt to download a script file also triggered his alarm.

"I could see their legit faces. Everything looked very real. But I couldn’t hear them," Li said in his X post. "It said my Zoom needs an update. But it asked me to download a script file. I immediately left." Li then attempted to verify the impersonator's identity over a Telegram call, but they refused and soon erased all messages and blocked him.

Li believes that the Lazarus Group was behind the attack, citing evidence from his conversation with the attacker before the messages were deleted. The live shots used in the video call looked like they were taken from past recordings of real team members, Li said. "It didn’t seem AI-generated. The quality looked like what a typical webcam quality looks like."

Li also confirmed that the real person's accounts had been compromised by the Lazarus Group.

Beware of Being Asked to Download Anything

"These are hacks that play to your emotional connection and potentially mental fatigue," Li advised other members of the crypto community. "Beware of being asked to download anything out of the blue."

Li's experience serves as a reminder to be cautious when receiving unexpected meeting requests or messages, especially those that ask you to download files.

A Coincidence in Crypto Community Experiences

"They also asked me to download Zoom via their link, and said that it's only for their business," said a member of ContributionDAO. "Even though I actually have Zoom on my computer, I couldn’t use it." The victim had requested to switch to Google Meet instead, but the attacker refused.

"A friend of mine fell victim to the exact same strategy that Li avoided," said crypto researcher and X user "Meekdonald". This incident highlights the importance of staying vigilant against phishing attacks in the crypto community.
